Definitions

The Chief Information Officer (CIO)

[f]ocuses on information security strategy within an organization and is responsible for the strategic use and management of information, information systems, and IT.[1]
is an organizational official responsible for (1) designating a chief information security officer; (2) developing and maintaining cybersecurity policies, procedures, and control techniques to address all applicable requirements; (3) overseeing personnel with significant responsibilities for cybersecurity and ensuring that the personnel are adequately trained; (4) assisting senior organizational officials concerning their security responsibilities; and (5) coordinating with other senior officials.[2]
[is an] [a]gency official responsible for:
(i) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency;
(ii) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and
(iii) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency.[3]

U.S. government


References

  1. Cybersecurity Human Capital: Initiatives Need Better Planning and Coordination, at 38.
  2. Electricity Subsector Cybersecurity Risk Management Process, App. F, at 73.
  3. Clinger-Cohen Act of 1996, Pub. L. No. 104-106, §5125(b).
